package com.alexb.tasksreport.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

public class SecureCrossDomain implements Filter {

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    	
    	UserService userService = UserServiceFactory.getUserService();
    	
    	if(response instanceof HttpServletResponse) {
    		
    		HttpServletResponse httpResponse = (HttpServletResponse)response;
    		
    		if (userService.isUserLoggedIn()) {
    	   	
        		httpResponse.addHeader("Access-Control-Allow-Origin", "*");
        		httpResponse.addHeader("Access-Control-Allow-Methods", "*");
  
        		filterChain.doFilter(request, response);
    		}
      	}
    }
  
    @Override
    public void destroy() {}

	@Override
	public void init(FilterConfig arg0) throws ServletException {}

}
